What is website hotlink protection?

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

This article introduces website hotlink protection. In day-to-day operation, many people have questions about what website hotlink protection is. The editor consulted a range of materials and put together simple, easy-to-use methods. I hope it helps answer your questions about "what is website hotlink protection". Next, follow along with the editor!

What is a hotlink?

What is hotlinking? Take a look at the explanation given by Baidu: hotlinking means that a service provider does not provide the service content itself but, through technical means, bypasses the other party's profitable end-user interface (such as advertising) and serves another provider's content directly to end users on its own website, fraudulently gaining the end users' page views and click-through rate. The beneficiary provides no resources or very few, while the real service provider gets no benefit. Is the jargon a little confusing? Then let's take a simple example:

We usually read the news on TX, which hosts a lot of popular picture and video resources. These attract hundreds of millions of users to browse and earn TX a lot of advertising fees.

One day, a poor programmer had a whim and wanted to build his own website to attract users and earn advertising fees, but he had no resources. So he set his eyes on TX and thought: if I could use its resources as my own, I could make money for myself with TX's resources.

So, through a series of technical means such as crawlers, he pulled the TX resources into his own Xiaofu network, bypassed TX's display pages and presented the resources directly to users, achieving the goal of making money without providing any resources.

However, this practice seriously damages the interests of TX: it not only diverts a large number of users, but also greatly increases the load on TX's servers and bandwidth because of the large number of indirect resource requests from the Xiaofu network.

With its share of the cake being taken, TX could bear it no longer and decided to block sites like the Xiaofu network that profit without investing anything. It finally rolled out a hotlink protection system: every resource request that does not originate from the TX site is blocked. The Xiaofu network could no longer pull resources, and Xiaofu was suddenly poor again. That is a simple example of what website hotlinking is. To sum up, put simply, small sites steal large sites' resources in order to make a profit.

Since there are people who steal, there will be people to guard against theft, so let's see how to prevent theft.

How to protect against hotlinking

Hotlink protection is used most by content-based sites such as Google, Sina, NetEase and Tianya; after all, they rely mainly on resources and content to make money.

To explain how hotlink protection is implemented, we should start with the HTTP protocol. We said above that once hotlink protection is set up, "all resource requests other than those initiated on the TX network will be blocked." Then the question is: how do we identify which site a request was sent from?

Readers familiar with the HTTP protocol will know that there is a request header field called Referer, which tells the server which page the request was linked from. Once you know this, the rest is easy: read the Referer field and, as soon as you detect that the source is not this site, block the request or return a specified page.

The core idea of hotlink protection: as far as possible, do not let external sites get my resources. Even if you can get them by some means, the process is made so complicated that it cannot be automated, or you are simply served a problematic resource to put you off.

There are many ways to do hotlink protection, and the one based on the Referer field of the HTTP header is only one of them. Let's look at several ways to implement hotlink protection. If you have a better way to implement it, you are welcome to leave a message.

Based on the HTTP Referer header

Hotlink protection based on the Referer header of the HTTP protocol can be implemented at the gateway layer or with AOP or Filter interceptors.

Using Nginx for hotlink protection at the gateway layer is currently one of the easiest ways. Requests for resources are intercepted, and the valid_referers directive defines a whitelist used to verify whether the Referer address in the request header is the local site. If the request does not come from the local site, rewrite forwards it to a specified warning page.

Add valid_referers none blocked to the server or location configuration block, where none allows requests without a Referer header to access resources (for example, when an image URL is entered directly in the browser), and blocked allows requests whose Referer does not begin with http:// and has no protocol to access resources.

Note: this implementation can stop most common illegitimate requests, but not determined ones, because it can be bypassed by falsifying the Referer information.

```
[root@server1 nginx]# vim conf/nginx.conf
    # These two location blocks go inside the server block that serves /web.
    location / {
        root /web;
        index index.html;
    }

    # Image requests: check the Referer against the whitelist.
    location ~* \.(gif|jpg|png|jpeg)$ {
        root /web;
        valid_referers none blocked www.chengxy-nds.top;
        if ($invalid_referer) {
            # return 403;
            rewrite ^/ https://img-blog.csdnimg.cn/20200429152123372.png;
        }
    }

    server {
        listen 80;
        server_name www.chengxy-nds.top;
        location / {
            root /bbs;
            index index.html;
        }
    }
[root@server1 nginx]# systemctl restart nginx
```
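The decision that valid_referers makes for each request can be modelled in a few lines. The following Python code is an added example, not code from the original article: it is a simplified model (exact host names only), its function names and sample Referer values are constructed for illustration, and it compares matching on the Referer's host with a plain substring test.

```python
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"www.chengxy-nds.top"}  # the whitelisted name from the config above


def referer_is_valid(referer, allowed_hosts=ALLOWED_HOSTS,
                     allow_none=True, allow_blocked=True):
    """Simplified model of valid_referers: exact host names only
    (no wildcards, URI prefixes or regular expressions)."""
    if referer is None:
        return allow_none            # "none": no Referer header in the request
    value = referer.strip().lower()
    if not value.startswith(("http://", "https://")):
        return allow_blocked         # "blocked": Referer present but without a scheme
    try:
        host = urlsplit(value).hostname   # port, path and query are ignored
    except ValueError:
        return False                 # malformed URL: treat as invalid
    return host in allowed_hosts


def substring_check(referer, server_name="www.chengxy-nds.top"):
    """Looser test for comparison: site name anywhere in the header value."""
    return referer is not None and server_name in referer


# Constructed sample Referer values (not taken from real traffic).
SAMPLES = [
    None,
    "https://www.chengxy-nds.top/news/1.html",
    "http://www.chengxy-nds.top:8080/img/list",
    "www.chengxy-nds.top/news/1.html",
    "https://other.example/gallery",
    "https://other.example/?from=www.chengxy-nds.top",
    "https://www.chengxy-nds.top.other.example/",
]


def compare(samples=SAMPLES):
    """Return (referer, host_match, substring_match) for each sample."""
    return [(r, referer_is_valid(r), substring_check(r)) for r in samples]


if __name__ == "__main__":
    for referer, host_ok, substr_ok in compare():
        print(f"{str(referer):55} host-match={host_ok!s:5} substring={substr_ok}")
```

The last two samples are rejected by the host comparison but accepted by the substring test, and passing allow_none=False or allow_blocked=False shows the effect of leaving those keywords out of the whitelist.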

The Filter interceptor implementation is simpler: intercept the specified request URLs, read the Referer value from the HttpServletRequest and check whether it matches the local site.

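```java
import java.io.IOException;

// javax.servlet API (the packages are named jakarta.servlet from Servlet 5 on)
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class MyFilter implements Filter {

    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) request;
        HttpServletResponse res = (HttpServletResponse) response;
        String referer = req.getHeader("referer");
        // Note: contains() is a substring match, so it also accepts a Referer
        // that merely mentions the server name in its path or query.
        if (referer == null || !referer.contains(req.getServerName())) {
            // Missing or foreign Referer: serve the placeholder image instead.
            req.getRequestDispatcher("XXX.jpg").forward(req, res);
        } else {
            chain.doFilter(request, response);
        }
    }
}
```

Login verification to prohibit visitors from visiting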

Login verification is a one-size-fits-all approach, generally used on forums and community sites. No matter which site your request comes from, you have to log in first; requests without a login are rejected outright. Simple and blunt.

Graphic verification code

A graphic CAPTCHA is a fairly conventional restriction. For example, when downloading a resource you must complete the CAPTCHA by hand, so that crawler tools cannot get past the verification and the resource is protected.

That concludes this look at "what is website hotlink protection"; hopefully it has answered your questions. Combining theory with practice helps you learn better, so go and try it! If you want to learn more on related topics, please keep following the website; the editor will keep working to bring you more practical articles!
